SNMP Information
What is SNMP?
SNMP stands for the Simple Network Management Protocol. At its heart, SNMP is a set of rules that allows a computer to get statistics from another computer across the Internet.
Computers keep track of various statistics that measure what they're doing. For example, routers can keep track of the number of bytes, packets, and errors that were transmitted and received on each interface (port). Web servers might keep a tally of the number of hits they have received. Other kinds of equipment have configuration information that's available through SNMP.
Management Information Base (MIB)
Each of these pieces of information (packet statistics, page hits, configuration) is kept in a database described by a Management Information Base (a MIB in SNMP parlance). There are many different MIBs, describing many different aspects of a computer's operation.
MIB Variables and OIDs (Object Identifiers)
The various values that can be retrieved from a MIB are called MIB variables. These variables are defined in the MIB for a device. Each MIB variable is named by an Object Identifier (OID), which usually has a name in the form of numbers separated by periods ("."), like this:
1.3.6.1.xxxx.x.x.x.x...
For example, the MIB-II (pronounced, "MIB two") has a variable that indicates the number of interfaces (ports) in a router. It's called the "ifNumber", and its OID is 1.3.6.1.2.1.2.1.0
Intermapper can query a device for the MIB variables and display the results. When a device receives a SNMP Get-Request for this ifNumber OID, it responds with the count of interfaces.
Note: The trailing ".0" in the example above is technically part of the OID. Although you will often see OIDs written without it, Intermapper requires that it be present wherever you enter an OID.
Enterprise Numbers and OIDs
You may notice that most OIDs start with 1.3.6.1.x. If the 6th number is 4, the OID is generated by a private enterprise. The 7th number is the Enterprise number, assigned to the organization by the IANA as defined here:
http://www.iana.org/assignments/enterprise-numbers
The remaining numbers are generated by and under the control of the registered enterprise.
What is the 'Read-only Community String'?
The SNMP Read-Only Community String is like a password. It is sent along with each SNMP Get-Request and allows (or denies) access to the device. Most network vendors ship their equipment with a default password of "public". (This is the so-called "default public community string".) Many network administrators will change the community string to keep intruders from getting information about the network setup. This is a good idea. Even if it's only read-access, SNMP can divulge a lot of information about the network that could be used to compromise it.
If there's a "read-only community string", you might expect that there is a "Write community string". You'd be correct. There is also a SNMP Set-Request, which is a command to set certain SNMP MIB variables (e.g., certain OIDs) to a specified value. These writes are protected by the write community string (which should never be set to 'public'!). Many SNMP-speaking devices also have IP address filters that ignore requests (read and write) unless the source address is on an access list.
There's also a SNMP Trap, which is an unsolicited message from a device to an SNMP console (for example, Intermapper) that the device is in an interesting state. Traps might indicate power-up or link-up/down conditions, temperatures exceeding certain thresholds, high traffic, etc. Traps provide an immediate notification for an event that might otherwise be discovered only during occasional polling.
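The community-string and address-filter advice above can be checked mechanically on agents that use a net-snmp style configuration file. The following is an added example, not Intermapper or net-snmp code: it audits `rocommunity` / `rwcommunity` lines for the default string, missing source restrictions, and enabled write access. The function name, the sample configuration, and the placeholder community and address are constructed for illustration.

```python
# Added example: flag weak community settings in net-snmp style snmpd.conf text.
# Directive form assumed: rocommunity|rwcommunity COMMUNITY [SOURCE ...]
DEFAULT_COMMUNITIES = {"public", "private"}  # well-known vendor defaults

def audit_snmpd_conf(text):
    """Return a list of (line_number, finding) for community directives."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not fields or fields[0] not in ("rocommunity", "rwcommunity"):
            continue
        directive = fields[0]
        community = fields[1] if len(fields) > 1 else ""
        # With no SOURCE given, the agent answers any address ("default").
        source = fields[2] if len(fields) > 2 else "default"
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((no, f"{directive} uses a default community string"))
        if source == "default":
            findings.append((no, f"{directive} accepts requests from any source"))
        if directive == "rwcommunity":
            findings.append((no, "write access enabled; confirm it is required"))
    return findings

# Constructed sample configuration (placeholder string and documentation address).
SAMPLE = """\
# constructed sample, not from a real device
rocommunity public
rwcommunity public default
rocommunity EXAMPLE-RO-STRING 192.0.2.10
"""

if __name__ == "__main__":
    for line_no, finding in audit_snmpd_conf(SAMPLE):
        print(f"line {line_no}: {finding}")
```
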
Why can't I get SNMP information from a device?
Intermapper requires that SNMP be available and configured to display traffic information. The most common cause of not being able to see traffic is that you haven't entered the SNMP Read-only community string. (This is like a password that controls whether another computer can retrieve SNMP information.)
In order of simplest to most complex, here is a list of reasons that Intermapper might not get SNMP information from a device:
- Wrong DNS name/IP address - (not likely, but we have to mention it)
- No connectivity - Can you ping the device from Intermapper?
- No SNMP agent on the device - Many devices or computers have optional SNMP capabilities that must be installed separately.
- Is the SNMP agent disabled? - Many devices allow you to disable the SNMP capability totally, or from certain ports.
- If the SNMP agent is based on net-snmp or UCD-snmp package - be sure that the configuration file specifically lists Intermapper's IP address/subnet as an allowed client
- In a custom probe, have you specified the OID properly? - (See the OID Format FAQ for details.)
- Wrong Community string - (have you tried 'public' ?)
- Access lists: does the equipment only allow SNMP access from certain addresses?
- Firewalls: does a firewall block the SNMP port between your macOS and the equipment?
- Bugs in the SNMP agent on the equipment - Intermapper uses SNMP Get-Next-Requests in several places. We've seen certain equipment that fails when queried this way.
If you're sure that you've checked all these things and you still can't get SNMP information, please get back to us at support@Intermapper.com. We may have some tricks up our sleeves. (Or we may wind up learning something!)
How can Intermapper query a particular MIB variable?
There are two kinds of MIB variables: scalar values and table entries.
- Scalars have a single value, such as the interface number shown above. For example, the ifNumber MIB variable of a router is a single number that represents the total number of its interfaces (ports).
- Table values, on the other hand, provide the same pieces of information for different items, such as the traffic for each of a router's ports, or information about each of the TCP connections in a device.
Intermapper can read and display both scalar variables and table variables in its custom SNMP probes.
Scalar values must have a ".0" suffix in their OIDs. For example, the OID for ifNumber in MIB-II is often written as "1.3.6.1.2.1.2.1". In custom probe files, it should be represented as "1.3.6.1.2.1.2.1.0". (This ".0" is technically part of the OID - it's convenient not to write it, though.)
Table variables are generally suffixed with the index of the row. (This isn't always true: see the note below). For example, the Cisco Environment Monitoring MIB defines two variables for the input air temperature and input voltage as the first rows in each of these tables:
ciscoEnvMonTemperatureStatusValue 1.3.6.1.4.1.9.9.13.1.3.1.3
ciscoEnvMonVoltageStatusValue 1.3.6.1.4.1.9.9.13.1.2.1.3
If you add a suffix ".1" to each of these, you'll get the value of the first row; add ".2" as a suffix and you'll get the second row, etc.
Do all tables have an index?
As noted above, some tables don't have a separate index column. These rows are named (their OIDs are specified by) data in the row. For example, the OID for the tcpConnState row, the status of a particular TCP connection, is "1.3.6.1.2.1.6.13.1.1". Its index is the source and destination IP address and port (all four values), which are appended to the tcpConnState OID. Thus, the full OID for the state of a TCP connection from 9.8.7.6 port 543 to 123.45.67.89 port 8765 would be:
1.3.6.1.2.1.6.13.1.1.9.8.7.6.543.123.45.67.89.8765
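The OID layouts described above (the private enterprise prefix and a table row indexed by its own data) can be decoded with a few lines of code. This is an added example, not part of Intermapper; the function names are illustrative, and the sample OIDs are the ones quoted on this page.

```python
# Added example: decode the OID forms discussed on this page.
ENTERPRISES = (1, 3, 6, 1, 4, 1)                   # private enterprise subtree
TCP_CONN_STATE = (1, 3, 6, 1, 2, 1, 6, 13, 1, 1)   # tcpConnState column

def parse_oid(text):
    """Turn '1.3.6.1...' (optional leading dot) into a tuple of ints."""
    parts = text.strip().lstrip(".").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(p) for p in parts)

def enterprise_number(oid):
    """Return the IANA enterprise number, or None outside 1.3.6.1.4.1."""
    n = len(ENTERPRISES)
    if len(oid) > n and oid[:n] == ENTERPRISES:
        return oid[n]
    return None

def decode_tcp_conn_index(oid):
    """Split a tcpConnState instance OID into (src, sport, dst, dport)."""
    n = len(TCP_CONN_STATE)
    index = oid[n:]
    # The index is 4 address bytes + port, twice: exactly 10 sub-identifiers.
    if oid[:n] != TCP_CONN_STATE or len(index) != 10:
        raise ValueError("not a tcpConnState instance OID")
    octets = index[0:4] + index[5:9]
    ports = (index[4], index[9])
    if any(b > 255 for b in octets) or any(p > 65535 for p in ports):
        raise ValueError("index sub-identifier out of range")
    src = ".".join(map(str, index[0:4]))
    dst = ".".join(map(str, index[5:9]))
    return src, index[4], dst, index[9]

if __name__ == "__main__":
    # OIDs taken from the examples on this page.
    print(enterprise_number(parse_oid("1.3.6.1.4.1.9.9.13.1.3.1.3.1")))
    print(decode_tcp_conn_index(parse_oid(
        "1.3.6.1.2.1.6.13.1.1.9.8.7.6.543.123.45.67.89.8765")))
```
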
Where can I read more information about SNMP?
A periodic newsletter, The Simple Times, is online at:
A great site pointing to various snmp products:
How do I interpret an unknown enterprise number?
Q: My error log file shows the following lines:
14/02 15:13:07 TRAP CITRIX1:: coldStart
14/02 15:13:07 TRAP CITRIX1:: linkUp, ifIndex = 1
14/02 15:13:07 TRAP CITRIX1:: linkUp, ifIndex = 16777219
14/02 15:14:07 TRAP CITRIX1:: 1.3.6.1.4.1.3845.3.1.1 (8) { <no variables> }
Can you tell me what that SNMP ID is? (1.3.6.1.4.1.3845.3.1.1 (8))
A: The "1.3.6.1.4.1..." prefix of the OID indicates that the trap is from a private enterprise MIB. You can find out what enterprise by downloading the Enterprise Numbers RFC from:
http://www.iana.org/assignments/enterprise-numbers
Reading through the file indicates this:
3845 Citrix Systems Keith Turnbull keitht@citrix.com
You should contact the Citrix company (or read their MIB) to find out the exact interpretation of the trap's OID.
Is there a way to scan a network for all SNMP devices?
Intermapper will do a very good job of finding SNMP-speaking devices if you know the devices' SNMP Read-only Community string. Detailed instructions for scanning a subnet are available from the network scanning page. Be sure to set the default SNMP Read-only Community String as shown in the SNMP Preferences.
Intermapper may not be able to find a device for any of these reasons.